seven's IPtables script features extensive logging of all connection attempts, user-definable log levels, protection against various DoS attacks, detection of multiple portscan types, user-defined trusted hosts, and user-defined "open" ports.

The SINUS Firewall is a TCP/IP packet filter for Linux. Some of its features are stateful inspection of TCP communications, text-based configuration, a graphical management interface for configuring several firewalls, dynamic rules, prevention of packet and address spoofing, extensive logging, alerting, and counter-intelligence.

sipscreen is a Linux iptables QUEUE target handler for screening inbound SIP phone calls flowing through a Linux gateway. If you have a Vonage appliance, or other voice-over-IP adapter located behind a Linux router, you may find sipscreen useful for accepting or rejecting calls based on the caller ID information, time of day, or other custom algorithms.

ssh-smart is a basic proof-of-concept implementation of ssh authentication via smartcard. The smartcard used to store the ssh identity is a memory card (I2C, 16 Kbit/2048 bytes). ssh-smart uses multiple Perl scripts and the smartcard program to establish communication with the reader and the memory card. It has only been tested with the Towitoko chip drive micro, but it could work with other card reader terminal drivers using the CT-API library. The project is in an early stage of development, and a lot has to be done before it can be considered a reliable solution for storing an ssh identity securely.

sshdfilter automatically blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures. A block rule is created when a client logs on with an invalid user name or guesses the wrong password for an existing account. Block rules are removed after a week to keep the list of blocks small. It also comes with a LogWatch filter.

Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.

sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside corporate firewalls, which almost never block port 443) while still serving HTTPS on that port. sslh supports IPv6, privilege dropping, transparent proxying, and much more.

tcptraceroute is a traceroute implementation using TCP SYN packets, instead of the more traditional UDP or ICMP ECHO packets. In doing so, it is able to trace through many common firewall filters.

tcpxd is a TCP/IP relay or proxy, allowing a connection to a port on a system to be forwarded to another port on any other system. It is useful for firewalls and service relocations, and is small, simple, and fast. It's also easier to learn than netcat and supports TCP_NODELAY, alternate local ports, partial connection closures, and non-blocking connects.

theWall is a single-floppy firewall and NAT box based on PicoBSD/FreeBSD. The primary aim is to allow a small network to share a cable modem or DSL Internet connection. It currently supports static, DHCP, or PPPoE IP address assignment.
